HHS agencies and divisions must protect client confidential information and respond appropriately to suspected or actual breaches. To safeguard private information and prevent breaches, HHS agencies and divisions must follow:
- Federal and state privacy laws, such as HIPAA, the Texas Medical Records Privacy Act, and the Texas Identity Theft Enforcement and Protection Act.
- Federal and state benefit requirements for Medicaid and other programs.
- HHS policies, including those established by the HHS Privacy Division and HHS Information Security.
The HIPAA privacy rule establishes national standards protecting medical records and other personal health information. The HIPAA privacy rule applies to:
- Health plans
- Health care clearinghouses
- Health care providers conducting certain electronic health care transactions
Under this rule, HHS must protect the privacy of private health information and limit the use and disclosure of that information without the patient's permission. Patients have rights over their health information. They have the right to review and get a copy of their health records and the right to ask for corrections to their health information.
The Health Insurance Portability and Accountability Act of 1996 and the related regulations at 45 C.F.R. Parts 160 and 164, known collectively as HIPAA, establishes standards for the privacy and security of health information. It also has standards for protecting health information transmitted electronically.
For more information on HIPAA, visit the U.S. Department of Health and Human Services, Office for Civil Rights.
Notice of Privacy Practices
- HIPAA privacy requires us to give you a Notice of Privacy Practices. It will let you know how: HHS can use and share your protected health information.
- HHS may need to get your permission before we can share your records.
- HHS must protect the privacy of your health information.
- You have the right to complain to HHS or the U.S. Department of Health and Human Services, Office for Civil Rights if you think your privacy rights have been violated.
- You can contact HHS to get more information about privacy or to file a complaint.
The notice is information only. It doesn't affect your HHS benefits.
You can also get a copy of the Notice of Privacy Practices mailed to you by calling 2-1-1 or 877-541-7905, toll-free. People who are hearing impaired can call 7-1-1 or 800-735-2989 (TYY).